I was recently asked to help a customer set up File Monitoring in Enterprise Manager and I thought since I haven’t blogged in a while, this could be a good way to start back up again..
Enterprise manager 12c provides a very nice Compliance and File Monitoring Framwork. There are many Built in Frameworks include for PCI DSS and STIG but this How-to will only focus on a custom file monitoring framework.
Prior to Setting up Compliance features . Ensure that Privilege Delegation is set to sudo or whatever Privilege delegation provider you are using. and Credentials for Realtime Monitoring are setup for hosts. All the Prereqs are explained here http://docs.oracle.com/cd/E24628_01/em.121/e27046/install_realtime_ccc.htm#EMLCM12307
Also important in the above link is how every OS interacts with these features.
Go To Enterprise -→ Compliance → Library
Create a New Compliance Standard
Name and Describe the Framework
You will see the Framework Created
Now lets add some Facets to monitor > In this example I selected a tnsnames from my rdbms home
Below is a finished facet
Next lets create a rule that uses that facet
After Selecting the right rule lets Add more color
Lets add the facet that defined what file(s) will be monitored
For this example I will select all aspects for testing but ensure that you have sized your respository as well as understand all the consequences for each aspect
Read thru the Additional Setup for RTM http://docs.oracle.com/cd/E24628_01/em.121/e27046/install_realtime_ccc.htm#EMLCM12300
After defining the monitoring actions, you have the option to filtor and create monitoring rules based on specific events.
I will skip this for now
As we inch towards the end we can authorize changes and each event manually or incorporate a Change Management System that has a connector available in EM12c.
After We have completed this, we now have an opportunity to review the setting and then make this rule production.
Now lets create a Standard. We are creating a custom File Monitoring Standard With a RTM type Standard Applicable to host
We will add rules to the File Monitor . In this Case we will add the tnsnames rule we created to the Standard. You can add standard as well as rules to a Standard
Next Lets Associate Targets to this Standard.
You will be asked to confirm
Optionally now you can add this to the compliance framework for one stop monitoring
Now that we have set everything up. Lets Test this. Here is the original tnsnames.ora
Lets add another tns entry
Prior to the change . here is that the Compliance Results Page Looks Like. As you can see the evaluation was successful. And we are 100% compliancet
Now If If go to Compliance -> Real time observations . I can see that I didn’t install the Kernel module needed for granular control and this cannot use certain functionality
So I’m going to remove these from my rule for now.
Now I have made a whole bunch of changes including even moving the file. It is all captured .
There are many changes here and we can actually compare what changed
If you select unauthorized as the audited event for the change the compliance score drops and you can use it for see how many violations for a given rule happen.
In Summary. Em12c Provides a very robust framework of monitoring compliance standards as well as custom created frameworks to ensure your auditors and IT Managers are happy.
